Microsoft-identity-web: CORS error Azure B2C

Created on 12 Sep 2020  路  9Comments  路  Source: AzureAD/microsoft-identity-web

Please follow the issue template below. Failure to do so will result in a delay in answering your question.

Library

Microsoft.AspNetCore.Authentication.AzureADB2C.U

Description

Hi everyone!
I developed an application that works with Azure B2C and I have my work flow available for profile editing, when I want to edit a data , this redirect to index but with a cors error.
I'wll attach the issue description. Please, can anyone help me with this?

Request at 'https://xxxxx.b2clogin.com/xxxxxx.onmicrosoft.com/b2c_1_signup鈥veCtN0Bnp1GpsilHJRtFb&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0' (redirected from 'https://xxxxx.azurewebsites.net/xxxxxx/xxxxxxx') from origin 'https://xxxxxxx.azurewebsites.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

error (1)

My app is already registrated in the azure portal

Examples:

"How do I use MSAL with Vue.js"
"How do I SSO between tabs?"
"How do I use MSAL to protect my custom Web API?"
"How can my app support multiple AAD tenants?"
"When will my scenario be supported?"
"When will this framework be supported"

b2c more info needed

All 9 comments

Have you set your application to the "SPA" type in the portal? We have documentation on registering applications in the portal.

In the future, please fill out the issue template with your configurations, versions, and usage. Can you add these to your post or in a comment?

@jmckennon Thank you for replying my message

I am developing an app using asp net core 3.1 MVC that works with Azure B2C. This app comunicates with an API which is also authenticated, when I try signing in my app, this directs to b2c login and it works well, but I have an option where i can edit th profile with the same work flow that has b2c and each time I uptade a data , this redirects to index page where, I get the following error.
Note: my app is already registrated in the azure portal

I'wll attach the issue description. Please, can anyone help me with this?

Request at 'https://xxxxx.b2clogin.com/xxxxxx.onmicrosoft.com/b2c_1_signup鈥veCtN0Bnp1GpsilHJRtFb&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0' (redirected from 'https://xxxxx.azurewebsites.net/xxxxxx/xxxxxxx') from origin 'https://xxxxxxx.azurewebsites.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

error (1)

Library

Microsoft.AspNetCore.Authentication.AzureADB2C.U

Startup.cs (App Client)

app.UseCors(builder =>
            {
                var origins = new[]
                {
                    "https://xxxxxxx.b2clogin.com",
                    "https://xxxxxx.onmicrosoft.com
                };
                builder.WithOrigins(origins)
                    .AllowAnyHeader()
                    .WithMethods("GET", "POST")
                    .AllowCredentials();
            });                   

##Configuration

AppSetting.json
appjson (1)

Authentication redirect URIs
B2c Redirect (1)

Log

Failed to load resource: the server responded with a status of 499 ()
(index):237 /controller/action
(index):1 Access to XMLHttpRequest at 'https://xxxxxx.b2clogin.com/xxxxxx.onmicrosoft.com/b2c_1_signupsigninfev2/oauth2/v2.0/authorize?client_id=128309b1-6a36-4125-a8ad-79fb4ce15103&redirect_uri=https%3A%2F%2Fxxxxxxxx.azurewebsites.net%2Fsignin-oidc&response_type=code%20id_token&scope=https%3A%2F%2xxxxxx.onmicrosoft.com%2F832f9925-4263-4d0a-aa06-ae4e0932ecd6%2Fuser_impersonation%20openid%20offline_access%20profile&response_mode=form_post&nonce=637351958724270104.ZWRlZDVjNzktYWFiYi00MTgwLTljZjgtODE5OWFhNWE2Njg3NjA5YTU1ODUtNDY2My00MGUyLWE0ZWEtOWFiZGU5ZmYwNDRm&login_hint=nameuser&client_info=1&state=CfDJ8IPYoFjkL2ZPsRjVerbR-HqAjHu5c-PTQamel9WavZ2TdppjjtTORcAKrGCObmYmQGCQEe78OacI88rfdhgQz7os-q60oLhNTWyyxBU0hs42QbZWoffItQmRwyP-OU7VXDh_cTw3xa2AXRMtA3st0C9gH5-F3p0APNuE0H-_8A97qEEZ0cc7x8ygSzwBXqUWiiJ0z2n7u3YBwgcWai4-UMIhyxrk2_U_hA4QVrggTJaXHWCA6AGgLlaBpGlVXYlUYPogSAnnTFs0gG6oBjt5fZpOdkS3tCMEMLCrWxnfWL-FWv50E4MqPqv4TrUsrHJa3mvDr3RQX5OsHws9SlqSZhkveCtN0Bnp1GpsilHJRtFb&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0' (redirected from 'https://xxxxxxx.azurewebsites.net/controller/action') from origin 'https://xxxxxxxxx.azurewebsites.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
(index):268 error : 0 - error - undefined
xxxxxx.b2clogin.com/xxxxxxxx.onmicrosoft.com/b2c_1_signupsigninfev2/oauth2/v2.0/authorize?client_id=128309b1-6a36-4125-a8ad-79fb4ce15103&redirect_uri=https%3A%2F%2Faxxxxxx.azurewebsites.net%2Fsignin-oidc&response_type=code%20id_token&scope=https%3A%2F%2Fxxxxxxxx.onmicrosoft.com%2F832f9925-4263-4d0a-aa06-ae4e0932ecd6%2Fuser_impersonation%20openid%20offline_access%20profile&response_mode=form_post&nonce=637351958724270104.ZWRlZDVjNzktYWFiYi00MTgwLTljZjgtODE5OWFhNWE2Njg3NjA5YTU1ODUtNDY2My00MGUyLWE0ZWEtOWFiZGU5ZmYwNDRm&login_hint=usernam&client_info&client_info=1&state=CfDJ8IPYoFjkL2ZPsRjVerbR-HqAjHu5c-PTQamel9WavZ2TdppjjtTORcAKrGCObmYmQGCQEe78OacI88rfdhgQz7os-q60oLhNTWyyxBU0hs42QbZWoffItQmRwyP-OU7VXDh_cTw3xa2AXRMtA3st0C9gH5-F3p0APNuE0H-_8A97qEEZ0cc7x8ygSzwBXqUWiiJ0z2n7u3YBwgcWai4-UMIhyxrk2_U_hA4QVrggTJaXHWCA6AGgLlaBpGlVXYlUYPogSAnnTFs0gG6oBjt5fZpOdkS3tCMEMLCrWxnfWL-FWv50E4MqPqv4TrUsrHJa3mvDr3RQX5OsHws9SlqSZhkveCtN0Bnp1GpsilHJRtFb&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0:1 Failed to load resource: net::ERR_FAILED

For clarity: Are you using msal js and some version of msal.NET or just one of these libraries? This was unclear to me based on your code/screenshots.

@jmckennon thank you for replying me again
I'm using this.
image

@MellVgaEcu looks like this should go in the Microsoft Identity Web repo, i don't see a way to transfer the issue over there.
Also, did you try with the latest version of MS Identity Web (version 0.4.0-preview)? We've had a lot of b2c related fixes since 0.1.4-preview. Also, w/MS Identity Web, you don't need the AzureADB2C.UI anymore, as you will use Microsoft.Identity.Web.UI

@jennyf19 I got it XD
image
I updated the packages you told me and then I re-wrote this code in Startup.cs
image
and I used new methods
image

thank you very much ...

@MellVgaEcu are you getting the same error with the updated package?

@jennyf19 No, After updating the packages,my issue was resolved.

@MellVgaEcu awesome! Thanks for letting us know so quickly.

Was this page helpful?
0 / 5 - 0 ratings